From: Nir Wittenberg (nwittenberg@msncomm.com)
Date: Tue Apr 20 2004 - 01:54:20 GMT-3
You are hitting the nail on the head with my customer's issue.
FYI, I don't have access to the customer's DNS or workstations.
-----Original Message-----
From: istong@stong.org [mailto:istong@stong.org]
Sent: Friday, April 16, 2004 9:43 PM
To: Tony Schaffran; Nir Wittenberg; ccielab@groupstudy.com
Subject: RE: DNS and NAT
I don't think that's the problem he is addressing.
Certainly you can exclude your web server from the static
NAT and leave it as is, but what usually is the case is you
have a web server internally that is assigned a private IP address. It
is then statically NAT'd to a public address.
The issue then becomes outside users get resolved to the
server via the public address and internal users also get resolved to
the outside public address. The PIX addresses it with the alias command
and other DNS solutions.
With a router doing the NATing the question was how can you configure it
to deal with this issue. I'm not aware of a way to do it but there may
be a way to do it. Aside from using the router you could use Split DNS
and have an internal DNS server that resolves your internal private
addresses and then refers to an outside DNS server for public addresses.
Also you can configure static mappings in your local hosts file on the
workstations as well.
Ian
http://www.ccie4u.com
High End Rack Rentals and CCIE Lab Scenarios starting at $20
> This sounds like a problem with your NAT configuration. I have come
> across this situation several times with our customers.
>
> The problem has been that when they static NAT an internal IP, like
> their web server, they forget to exclude that address from the dynamic
> NAT pool.
>
> Tony Schaffran
> Network Analyst
> CCIE #11071
> CCNP, CCNA, CCDA,
> NNCDS, NNCSS, CNE, MCSE
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]
> On Behalf Of Nir Wittenberg
> Sent: Friday, April 16, 2004 1:55 PM
> To: ccielab@groupstudy.com
> Subject: DNS and NAT
>
> Is there a solution within IOS to intercept DNS
> resolution? My issue is that I have hosts and a WWW
> server on the same segment. All are being NATed. The DNS server
> sits outside of the Network/NAT and tells the rest of the enterprise
> that the way to get to the WWW server is to use this global IP, which
> has a static translation to the WWW server. The issue is that when the
> local hosts do a DNS lookup they are getting the global IP rather than
> the local IP.
>
> I know the PIX can do this with the dns and alias
> keywords but I am looking for an IOS solution.
>
> Thanks,
> Nir
> CCIE 12261
>
> __________________________________________________________
> _____________ Please help support GroupStudy by purchasing your study
> materials from: http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Mon May 03 2004 - 19:48:50 GMT-3